US11546292B1 · Active · Utility · PatentIndex 65

Identifying hybrid connectivity for traffic flows in a multi-cloud environment

Assignee: VMWARE INC
Priority: Nov 25, 2021
Filed: Jan 11, 2022
Granted: Jan 3, 2023
Est. expiry: Nov 25, 2041 (~15.4 yrs left) · nominal 20-yr term from priority
Inventors: DESHPANDE PRAHALAD GOWARDHAN; PANDE AMBARISH PRASHANT; NIGAM AVINASH; RANJAN VISHAL
H04L 2101/668, H04L 61/4557, H04L 41/12, H04L 41/40, H04L 41/14
PatentIndex Score: 65 · Cited by: 3 · References: 6 · Claims: 20

Abstract

An example method of identifying a hybrid connection associated with a network flow in a multi-cloud computing system includes: obtaining, by a network analyzer, network information from a plurality of data centers in the multi-cloud computing system, the plurality of data centers corresponding to a respective plurality of namespaces; identifying Internet Protocol (IP) subnetworks associated with the hybrid connection from the network information; generating connection indexes for the namespaces relating source IP subnetworks of the IP subnetworks, destination IP subnetworks of the IP subnetworks, and an identifier for the hybrid connection; searching a source IP address and a destination IP address of a flow record for the network flow in the connection indexes to obtain the identifier for the hybrid connection; and tagging the flow record with the identifier for the hybrid connection.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method of identifying a hybrid connection associated with a network flow in a multi-cloud computing system, comprising:
 obtaining, by a network analyzer, network information from a plurality of data centers in the multi-cloud computing system, the plurality of data centers corresponding to a respective plurality of namespaces; 
 identifying Internet Protocol (IP) subnetworks associated with the hybrid connection from the network information; 
 generating connection indexes for the namespaces relating source IP subnetworks of the IP subnetworks, destination IP subnetworks of the IP subnetworks, and an identifier for the hybrid connection; 
 searching a source IP address and a destination IP address of a flow record for the network flow in the connection indexes to obtain the identifier for the hybrid connection; and 
 tagging the flow record with the identifier for the hybrid connection. 
 
     
     
       2. The method of claim 1, further comprising:
 generating, by the network analyzer based on the network information, a first data structure, the first data structure including a connection entity list for each of the plurality of namespaces, each connection entity list including a set of connection entities, each connection entity including a set of advertised IP subnetworks, a set of learned IP subnetworks, and a connection entity identifier. 
 
     
     
       3. The method of claim 2, further comprising:
 generating, by the network analyzer, a second data structure, the second data structure including a namespace index map that maps each of the plurality of namespaces to a corresponding one of the connection indexes. 
 
     
     
       4. The method of claim 3, wherein each of the connection indexes includes a source index and a destination index, the source index relating the source IP subnetworks to the identifier of the hybrid connection, the destination index relating the destination IP subnetworks to the identifier of the hybrid connection. 
     
     
       5. The method of claim 4, wherein each of the source index and the destination index comprises an interval tree. 
     
     
       6. The method of claim 4, wherein the step of searching comprises:
 identifying a first namespace of the plurality of namespaces for the source IP address; 
 obtaining a first connection index of the connection indexes from the namespace index map using the first namespace; 
 searching the source IP address in the source index to obtain a first set of values; 
 searching the destination IP address in the destination index to obtain a second set of values; and 
 determining an intersection of the first and second sets of values, the intersection including the identifier for the hybrid connection. 
 
     
     
       7. The method of claim 1, wherein the plurality of data centers include an on-premise data center and a public cloud. 
     
     
       8. A non-transitory computer readable medium comprising instructions to be executed in a computing device to cause the computing device to carry out a method of identifying a hybrid connection associated with a network flow in a multi-cloud computing system, comprising:
 obtaining, by a network analyzer, network information from a plurality of data centers in the multi-cloud computing system, the plurality of data centers corresponding to a respective plurality of namespaces; 
 identifying Internet Protocol (IP) subnetworks associated with the hybrid connection from the network information; 
 generating connection indexes for the namespaces relating source IP subnetworks of the IP subnetworks, destination IP subnetworks of the IP subnetworks, and an identifier for the hybrid connection; 
 searching a source IP address and a destination IP address of a flow record for the network flow in the connection indexes to obtain the identifier for the hybrid connection; and 
 tagging the flow record with the identifier for the hybrid connection. 
 
     
     
       9. The non-transitory computer readable medium of claim 8, further comprising:
 generating, by the network analyzer based on the network information, a first data structure, the first data structure including a connection entity list for each of the plurality of namespaces, each connection entity list including a set of connection entities, each connection entity including a set of advertised IP subnetworks, a set of learned IP subnetworks, and a connection entity identifier. 
 
     
     
       10. The non-transitory computer readable medium of claim 9, further comprising:
 generating, by the network analyzer, a second data structure, the second data structure including a namespace index map that maps each of the plurality of namespaces to a corresponding one of the connection indexes. 
 
     
     
       11. The non-transitory computer readable medium of claim 10, wherein each of the connection indexes includes a source index and a destination index, the source index relating the source IP subnetworks to the identifier of the hybrid connection, the destination index relating the destination IP subnetworks to the identifier of the hybrid connection. 
     
     
       12. The non-transitory computer readable medium of claim 11, wherein each of the source index and the destination index comprises an interval tree. 
     
     
       13. The non-transitory computer readable medium of claim 11, wherein the step of searching comprises:
 identifying a first namespace of the plurality of namespaces for the source IP address; 
 obtaining a first connection index of the connection indexes from the namespace index map using the first namespace; 
 searching the source IP address in the source index to obtain a first set of values; 
 searching the destination IP address in the destination index to obtain a second set of values; and 
 determining an intersection of the first and second sets of values, the intersection including the identifier for the hybrid connection. 
 
     
     
       14. The non-transitory computer readable medium of claim 8, wherein the plurality of data centers include an on-premise data center and a public cloud. 
     
     
       15. A virtualized computing system, comprising:
 a plurality of data centers corresponding to a respective plurality of namespaces; and 
 a network analyzer, executing in one of the plurality of data centers, configured to identify a hybrid connection associated with a network flow by:
 obtaining, by a network analyzer, network information from a plurality of data centers, the plurality of data centers corresponding to a respective plurality of namespaces; 
 identifying Internet Protocol (IP) subnetworks associated with the hybrid connection from the network information; 
 generating connection indexes for the namespaces relating source IP subnetworks of the IP subnetworks, destination IP subnetworks of the IP subnetworks, and an identifier for the hybrid connection; 
 searching a source IP address and a destination IP address of a flow record for the network flow in the connection indexes to obtain the identifier for the hybrid connection; and 
 tagging the flow record with the identifier for the hybrid connection. 
 
 
     
     
       16. The virtualized computing system of claim 15, wherein the network analyzer is configured to:
 generate, based on the network information, a first data structure, the first data structure including a connection entity list for each of the plurality of namespaces, each connection entity list including a set of connection entities, each connection entity including a set of advertised IP subnetworks, a set of learned IP subnetworks, and a connection entity identifier. 
 
     
     
       17. The virtualized computing system of claim 16, wherein the network analyzer is configured to:
 generate a second data structure, the second data structure including a namespace index map that maps each of the plurality of namespaces to a corresponding one of the connection indexes. 
 
     
     
       18. The virtualized computing system of claim 17, wherein each of the connection indexes includes a source index and a destination index, the source index relating the source IP subnetworks to the identifier of the hybrid connection, the destination index relating the destination IP subnetworks to the identifier of the hybrid connection. 
     
     
       19. The virtualized computing system of claim 18, wherein each of the source index and the destination index comprises an interval tree. 
     
     
       20. The virtualized computing system of claim 18, wherein the network analyzer is configured to perform the searching by:
 identifying a first namespace of the plurality of namespaces for the source IP address; 
 obtaining a first connection index of the connection indexes from the namespace index map using the first namespace; 
 searching the source IP address in the source index to obtain a first set of values; 
 searching the destination IP address in the destination index to obtain a second set of values; and 
 determining an intersection of the first and second sets of values, the intersection including the identifier for the hybrid connection.
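
The lookup recited in claims 1 to 6, as an added Python example that is not part of the patent text or any VMware code. Assumptions: advertised subnets feed the source index and learned subnets feed the destination index, the flow record already names the namespace that observed its source IP, a sorted interval list stands in for the interval tree of claim 5, addresses are IPv4, and all names and sample data are constructed.

```python
import ipaddress
from bisect import bisect_right

# Constructed sample: one connection entity list per namespace (claim 2 shape).
ENTITIES = {
    "onprem-dc": [
        {"id": "vpn-1", "advertised": ["10.1.0.0/16"], "learned": ["172.31.0.0/16"]},
        {"id": "dx-7", "advertised": ["10.1.0.0/16", "10.2.0.0/16"],
         "learned": ["172.16.0.0/12"]},
    ],
    "aws-vpc": [
        {"id": "vpn-1", "advertised": ["172.31.0.0/16"], "learned": ["10.1.0.0/16"]},
    ],
}

class SubnetIndex:
    """Sorted (start, end, connection id) intervals; stand-in for an interval tree."""
    def __init__(self):
        self.ivals = []
    def add(self, cidr, conn_id):
        net = ipaddress.ip_network(cidr)
        self.ivals.append((int(net.network_address), int(net.broadcast_address), conn_id))
        self.ivals.sort()
    def search(self, ip):
        addr = int(ipaddress.ip_address(ip))
        # Only intervals that start at or before addr can contain it.
        hi = bisect_right(self.ivals, (addr, float("inf"), ""))
        return {cid for _start, end, cid in self.ivals[:hi] if end >= addr}

def build_namespace_index_map(entities):
    """Namespace -> (source index, destination index), as in claims 3 and 4."""
    index_map = {}
    for ns, conns in entities.items():
        src, dst = SubnetIndex(), SubnetIndex()
        for conn in conns:
            for cidr in conn["advertised"]:   # assumption: advertised = source side
                src.add(cidr, conn["id"])
            for cidr in conn["learned"]:      # assumption: learned = destination side
                dst.add(cidr, conn["id"])
        index_map[ns] = (src, dst)
    return index_map

def tag_flow(flow, index_map):
    """Claim 6: search both indexes, intersect, tag the record with the result."""
    src_idx, dst_idx = index_map.get(flow["namespace"], (SubnetIndex(), SubnetIndex()))
    ids = src_idx.search(flow["src"]) & dst_idx.search(flow["dst"])
    return {**flow, "hybrid_connection": sorted(ids)}
```

An empty list means the flow did not cross any known hybrid connection; more than one identifier means the advertised and learned ranges of several connections overlap, so the tag alone does not say which path the traffic took.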

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.